CVE-2013-2174

Related Files

Gentoo Linux Security Advisory 201401-14

Posted Jan 20, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422

SHA-256 | db468e099ee0183090e4d1c7e60955a697fc5a4848c7ebb9fdb2c66ab4bb731a

Download | Favorite | View

Ubuntu Security Notice USN-1894-1

Posted Jul 2, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2013-2174

SHA-256 | b0c43d70dabde816e72333203f3561abb2c311b5c26d05e19a439e2952cf3e75

Download | Favorite | View

Mandriva Linux Security Advisory 2013-180

Posted Jun 27, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.

tags | advisory

systems | linux, mandriva

advisories | CVE-2013-2174

SHA-256 | 8930cdf17b729214cd1f709f26c69dc0640e1825f1cf4dcfb9fa79a62710a602

Download | Favorite | View

Red Hat Security Advisory 2013-0983-01

Posted Jun 25, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol

systems | linux, redhat

advisories | CVE-2013-2174

SHA-256 | a7fa5f3acd97b0e062e7116dd627f4fc0ac45395d1e94fe95cabb6cf342a2e84

Download | Favorite | View

Debian Security Advisory 2713-1

Posted Jun 24, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2713-1 - Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.

tags | advisory, overflow

systems | linux, debian

advisories | CVE-2013-2174

SHA-256 | 2a3177b0decec0b66bb06d3fca3d92f4d480348652de9adecb14f0adf482aa97

Download | Favorite | View

Slackware Security Advisory - curl Updates

Posted Jun 24, 2013

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2174.

tags | advisory

systems | linux, slackware

advisories | CVE-2013-2174

SHA-256 | 855af579db0811459acf4ff6e9f91c46f29a0716757bc8ca7f05fa2b305301ff

Download | Favorite | View